iManage 10.x allows you to configure sign-on using SAML, more commonly known as single sign-on (SSO). SSO is a newer addition to iManage authentication and allows for more secure connectivity to your iManage installation. Prior to SSO, you had the option of either explicit authentication or Active Directory integration.

Explicit authentication forces you to authenticate directly with iManage, sending usernames and passwords directly to the iManage server(s). Active Directory integrated authentication passes the user’s credentials to Active Directory, but the iManage server still handles those credentials in order to send them to Active Directory.

By contrast, with single sign-on, the iManage server forwards access requests directly to the identity provider. In this way, iManage never handles the user’s credentials. The user authenticates directly with the identity provider, which then forwards a “token” to iManage either authorizing or denying access to the user.

This difference is important because it makes it more difficult to exploit iManage to gain access, since the system never handles any credentials. It forwards all access requests to an identity provider, and iManage only accepts tokens from the identity provider.